<?php
	
	session_start();
	require("connect.php");
	$link = connect_APO();
		
	if(isset($_POST['submit'])) :
		$username = $_POST['username'];
		$password = $_POST['password'];
		$query = sprintf("SELECT ID, Fname, TotCredit, MC, ML, v.Status, v.TotCreditsNeeded FROM users as u, variables as v WHERE u.ID = '%s' AND u.Pass = PASSWORD('%s') AND u.Status = v.Status LIMIT 1;", mysql_real_escape_string($username), mysql_real_escape_string($password));
		$result = mysql_query($query);
		if(1 != mysql_num_rows($result)):
			// With error saying wrong password?
			header('Location: login.php');
		else :
			$row = mysql_fetch_assoc($result);
			$_SESSION['ID'] = $row['ID'];
			$_SESSION['FName'] = $row['Fname'];
			$_SESSION['TotCredit'] = $row['TotCredit'];
			$_SESSION['Status'] = $row['Status'];
			$_SESSION['TotCreditsNeeded'] = $row['TotCreditsNeeded'];
			if ($row['MC']){
				$_SESSION['type'] = 'coordinator';
			} else if ($row['ML']){
				$_SESSION['type'] = 'leader';
			} else {
				$_SESSION['type'] = 'bro-pledge';
			}
			header('Location: index.php');
		endif;
	endif;
	
	mysql_close($link);
?>
